Trading giant ACY Securities exposed 60 GB of personal info

Sydney, Australia-based trading company ACY Securities (acy.com) exposed a massive trove of personal and financial data of unsuspected users and businesses online for public access.

It happened due to a misconfigured database owned by ACY Securities. The worse part of the data leak is the fact that it contained over 60 GB worth of data that was left exposed without any security authentication. This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to ACY’s data which contained logs from February 2020 while being updated with the latest data set every second.

As seen by the cybersecurity experts, the exposed database hosted the following user data:

Full name
Postcode
Full address
Date of birth
Name of city
Gender details
Email address
Phone Number
Hashed password
Trading-related information like business details and more.

Most users and businesses were impacted from India, China, Spain, Brazil, Russia, Australia, Romania, Malaysia, Indonesia, United States, United Kingdom and many more.

Nevertheless, at the time of publishing this article, the exposed database was secured and its IP addresses were no longer accessible to the public.

In the same time, the ransomware operation that uses the LockBit 2.0 ransomware claims to have hit Foxconn Baja California and is threatening to release stolen information on June 11, unless the victim pays up.